Ask stories

Recently built something where simple domain-specific heuristics crushed a fancy ML approach I assumed would win. This has me thinking about how often we reach for complex tools when simpler ones would work better. Occam's razor moments.

Anyone have similar stories? Curious about cases where knowing your domain beat throwing compute at the problem.

For several weeks now I've been receiving spam impersonating Gmail. It always contain link to https://storage.googleapis.com/rightsmoves/... The email looks like this:

https://imgur.com/xyXfPI8

Even Google's own Gemini knows it's a scam:

> The URL https://storage.googleapis.com/rightsmoves/ points to a specific Google Cloud Storage bucket named "rightsmoves". Based on recent security data and web scans, this particular bucket has been associated with malicious activity, specifically phishing and "traffic stealing" schemes.

I've reported it several times via Google Cloud Platform abuse form and they ignore it.

Is it Google's total incompetence? Why are they allowing scams from their own domain?

Considering there is very little moat left in software and big companies can copy your product in no time?

Hello HN! I am putting together a community-maintained directory of personal websites at https://hnpwd.github.io/. More details about the project can be found in the README at https://github.com/hnpwd/hnpwd#readme.

As you can see, the directory currently has only a handful of entries. I need your help to grow it. If you have a personal website, I would be glad if you shared it here. If your website is hosted on a web space where you have full control over its design and content, and if it has been well received in past HN discussions, I might add it to the directory. Just drop a link in the comments. Please let me know if you do not want your website to be included in the directory.

Also, I intend this to be a community maintained resource, so if you would like to join the GitHub project as a maintainer, please let me know either here or via the IRC link in the README.

By the way, see also 'Ask HN: Could you share your personal blog here?' - https://news.ycombinator.com/item?id=36575081 - July 2023 - (1014 points, 1940 comments). In this post, the scope is not restricted to blogs though. Any personal website is welcome, whether it is a blog, digital garden, personal wiki or something else entirely.

UPDATE: It is going to take a while to go through all the submissions and add them. If you'd like to help with the process, please send a PR directly to this project: https://github.com/hnpwd/hnpwd.

I've been seeing full-on pornographic video ads for dick pills inserted into innocuous YouTube videos, like educational content.

Immediately reported to Google, over a week ago.

No response, and I've seen the ad multiple times now, on different browsers/devices.

Do actual humans review this, or does Google automate to the point everything's a bot?

Malicious ads are as old as time but this is as egregious as I've ever seen it.

I am curious how people are doing RAG locally with minimal dependencies for internal code or complex documents?

Are you using a vector database, some type of semantic search, a knowledge graph, a hypergraph?

Countless voiceless people sit alone every day and have no one to talk to, people of all ages, who don't feel that they can join any local groups. So they sit on social media all day when they're not at work or school. How can we solve this?

I am a big fan of Claude Opus as it has been very good at understanding feature requests and generally staying consistent with my codebase (completely written from scratch using Opus).

I've noticed recently that when I am using Opus at night (Eastern US), I am seeing it go down extreme rabbit holes on the same types of requests I am putting through on a regular basis. It is more likely to undertake refactors that break the code and then iterates on those errors in a sort of spiral. A request that would normally take 3-4 minutes will turn into a 10 minute adventure before I revert the changes, call out the mistake, and try again. It will happily admit the mistake, but the pattern seems to be consistent.

I haven't performed a like for like test and that would be interesting, but has anyone else noticed the same?

Doesn't matter what domain and how big or small.

I had the username @switzerland since 20.03.2006. Swiss tourism had another username since 17.10.2006. Now recently google gave my username away to swiss tourism without any notification. Their other username was fine for literally 20 years.

Worse, the app still showed my username for a long time meanwhile youtube.com/@Switzerland already showed that of swiss tourism (Schweiz Tourismus) and I was not aware of that. Hence, I lost it some months ago.

Why do I tell you? You might loose your username and you aren't even aware of it.

Hi folks! I have huge success on a prototype of this approach:

- Store all data as json

- App loads: load full json on a client

- Something changes by user - change json locally and every 10 seconds save whole json to backend as a single json file

- also every 10 seconds load the updated json from backend to client.

Yes, I know, parallel access problems, lack of schema, lack of db, using file to store. But how much it makes life easier and speed ups development at start! I am in this over 20 years, and I like dumb stupid solutions applied properly. Duct taping forever!

Background: I manage an ecommerce website. Recent bot traffic is up. Most traffic can be traced to one or two IP addresses with hundreds of requests per day. These ip addresses don't have DNS records for reverse lookup, and when I map the requests in cloudflare, one address shows up as requesting from different data centers all over the US. What is going on here? Source IP example 173 . 245 . 58 . 0

Chicago, United States (ORD)

340 requests

San Jose, United States (SJC)

330 requests

Los Angeles, United States (LAX)

310 requests

Atlanta, United States (ATL)

310 requests

Dallas-Fort Worth, United States (DFW)

290 requests

Newark, United States (EWR)

280 requests

Washington, United States (IAD)

230 requests

Miami, United States (MIA)

210 requests

Boston, United States (BOS)

140 requests

Singapore, Singapore (SIN)

130 requests

Thanks for ideas.

In many currently active threads, members of the community are alluding to major productivity gains with more recent LLM models. I think it would be illuminating for all of us to hear what sorts of problem domains and lines of business these successes have occurred in.

A good example would be: "My team used Claude Code Opus 4.5 to build and ship an iOS fitness app that now has 10k paying users." This shows that the results of your process found paying customers.

Less helpful example would be: "My team is closing tickets faster than ever" or "I finally finished the novel I have been working on and my friends say it's great!" These are less interesting because they do not give us any insight into the market response.

I’m working on a project called Injectless — a browser extension that allows websites to explicitly declare which data they are allowed to inject into external sites, fully controlled by the user.

Note: This post was translated to English using AI. My native language is Spanish.

The Problem:

Users of SaaS apps (accounting, project management, etc.) often need to repeatedly copy data into external forms (government portals, client systems, etc.). Today this is a tedious, fully manual process.

My Current Solution

A browser extension where:

- Websites expose an injectless.json declaring which fields they can fill and on which domains

- The user explicitly installs the integration (one-click opt-in)

- When visiting an allowed site, the extension offers to “paste” each field

The Doubt

A friend suggested that instead of a browser extension, this should be a native app (similar to KeePassXC or Espanso) that:

- Works in any browser without installing multiple extensions

- Pastes sequences of fields using TAB (simpler, more universal)

- Works even outside the browser

- Avoids extension permissions, CSP issues, Shadow DOM, etc.

My Concerns About a Native App

- Mobile: Browser extensions do work on mobile (Safari iOS, Firefox Android). Native apps would face heavy sandboxing restrictions

- UX: The extension popup can show exactly which fields are available for the current page. A native app would be more “blind”

- Context: The extension knows which page you’re on and can automatically validate allowed domains

The Question

What seems more valuable / practical?

A) Browser extension (current approach) — more context, mobile support, clearer UX

B) Native app like Espanso/KeePassXC — more universal, single install, simpler

C) Both — native app as a base + optional extension as a companion for better UX

Has anyone worked on something similar?

What trade-offs might I be missing?

Thanks!

What are you working on? Any new ideas that you're thinking about?

It has been 120 hours (5 days) since the internet shutdown in Iran began. While international phone calls have started working again, data remains blocked.

I am looking for technical solutions to establish resilient, long-term communication channels that can bypass such shutdowns. What are the most viable options for peer-to-peer messaging, mesh networks, or satellite-based solutions that don't rely on local ISP infrastructure?

Inspired by the post that's on the front page as I write this [1] I'm interested to hear about who's using DuckDB in production and how.

We have a tool live that uses it and I'm quite happy so I'm both looking for interesting use cases from others but also to be honest I'm reasonably sure I've just identified today that DuckDB is leaking memory quite seriously [2] so I'm curious to hear if other people have noticed this or if it's maybe something that's not as relevant to others since people might be running DuckDB pipelines in ephemeral envs like lambdas etc. where a memory leak might not matter as much.

[1] https://news.ycombinator.com/item?id=46645176

[2] https://github.com/duckdb/duckdb/issues/20569

I have been using Claude Code for DevOps style tasks like SSHing into servers, grepping logs, inspecting files, and querying databases

Overall it's been great. However, I find myself having to review every single command, a lot of which are repetitive. It still saves me a ton of time, but it's quickly becoming a bit tedious

I wish I could give the agent some more autonomy. Like giving it a list of pre-approved commands or actions that it is allowed to run over ssh

For example:

    OK: ls, grep, cat, tail
    Not OK: rm, mv, chmod, etc
    OK: SELECT queries
    Not OK: INSERT, DELETE, DROP, TRUNCATE

What setups have actually worked for you, and where do you draw the line between autonomy and risk?

Curious what items under $100 have made your life better or any meaningful impact.

Revival of this [thread](https://news.ycombinator.com/item?id=23363396) from 6 years ago. Thought it would be fun to have new answers to this :)

This afternoon I posted some tips on how to present a new* programming language to HN: https://news.ycombinator.com/item?id=46608577. It occurred to me that HN has a tradition of posts called "The {name} programming language" (part of the long tradition of papers and books with such titles) and it might be fun to track them down. I tried to keep only the interesting ones:

https://news.ycombinator.com/thelang

Similarly, Show HNs of programming languages are at https://news.ycombinator.com/showlang.

These are curated lists so they're frozen in time. Maybe we can figure out how to update them.

A few famous cases:

The Go Programming Language - https://news.ycombinator.com/item?id=934142 - Nov 2009 (219 comments)

The Rust programming language - https://news.ycombinator.com/item?id=1498528 - July 2010 (44 comments)

The Julia Programming Language - https://news.ycombinator.com/item?id=3606380 - Feb 2012 (203 comments)

The Swift Programming Language - https://news.ycombinator.com/item?id=7835099 - June 2014 (926 comments)

But the obscure and esoteric ones are the most fun.

(* where 'new' might mean old, of course - https://news.ycombinator.com/item?id=23459210)

I've got an email from Linkedin:

> ## colleagues from your company already solved LinkedIn puzzle games

Are you f%%n serious, Linkedin? This is a freaking spam from "Linkedin games".

The question is, how to stop it not like unsubscribe, but how to make it painful for them to do spam us?

I ran into a practical limitation while working on ML feature engineering and multi-omics data.

At some point, the problem stops being “how many rows” and becomes “how many columns”. Thousands, then tens of thousands, sometimes more.

What I observed in practice:

- Standard SQL databases usually cap out around ~1,000–1,600 columns. - Columnar formats like Parquet can handle width, but typically require Spark or Python pipelines. - OLAP engines are fast, but tend to assume relatively narrow schemas. - Feature stores often work around this by exploding data into joins or multiple tables.

At extreme width, metadata handling, query planning, and even SQL parsing become bottlenecks.

I experimented with a different approach: - no joins - no transactions - columns distributed instead of rows - SELECT as the primary operation

With this design, it’s possible to run native SQL selects on tables with hundreds of thousands to millions of columns, with predictable (sub-second) latency when accessing a subset of columns.

On a small cluster (2 servers, AMD EPYC, 128 GB RAM each), rough numbers look like: - creating a 1M-column table: ~6 minutes - inserting a single column with 1M values: ~2 seconds - selecting ~60 columns over ~5,000 rows: ~1 second

I’m curious how others here approach ultra-wide datasets. Have you seen architectures that work cleanly at this width without resorting to heavy ETL or complex joins?

Curious how people here think about this.

Building websites is easier than ever, but maintaining them still feels like overhead in many cases.

I’ve been exploring the idea of a “public page” — not a full website, not a CMS — just a clean, read-only place to share information that already lives somewhere structured (like a spreadsheet).

I put together a small experiment to understand this pattern: https://www.sheet2notice.com

Not looking to promote it here — more interested in whether this problem resonates, and how others solve it today.

Do you still build a site anyway, or is there a lighter approach that works well?

Yesterday my production app went down. The cause? DigitalOcean's managed PostgreSQL update broke private VPC connectivity to their managed Kubernetes.

Public endpoint worked. Private endpoint timed out. Root cause: a Cilium bug (#34503) where ARP entries go stale after infrastructure changes.

DO support responded relatively quickly (<12hrs). Their fix? Deploy a DaemonSet from a random GitHub user to ping stale ARP entries every 10 seconds. The upstream Cilium fix is merged but not yet deployed to DOKS. No ETA.

I chose managed services specifically to avoid ops emergencies. We're a tiny startup paying the premium so someone else handles this. Instead, I spent late night hours debugging VPC routing issues in a networking layer I don't control.

HN's usual advice is "just use managed services, focus on the business." Generally good advice. But managed doesn't mean worry-free, it means trading your failure modes for the vendor's failure modes. You're not choosing between problems and no problems. You're choosing between problems you control and (fewer?) problems you don't.

Still using DO. Still using managed services. Just with fewer illusions about what "managed" means.

A friend and I have been working on a fintech prototype for the past three years. We’ve built the AI, developed a working demo, and are now at the stage where we need capital to cover licensing and move toward commercialization.

An experienced advisor—who has had two to three successful exits—has offered to help. He would lead the deck creation, handle pitching, and raise approximately $4–5 million from his network(other VCs). If his health permits, he may also join the company full-time afterward.

What would be an appropriate compensation structure in this situation? He is asking for 5% equity and 5% cash compensation.

I have ADHD. I think. Pretty sure. I have thoughts, ideas, projects, concepts, links, things to read... fired at my brain all day every day. I can go deep on a topic for hours, but then be hit by a barrage of micro ideas. I really struggle to stay on track and focus. Oh and I run a business, manage people, try to make a profit. It's hard. And kids. And life?

I think there is a founder/ADHD thing. Paul Graham thinks so. Maybe even a tech person angle. What have other people experienced?

And how do others cope? I don't really know this world. I do know that my old boss once called me a "flagitating laser beam". I think he meant distracted. I use a bunch of systems to cope. For a long time lists, and then Asana. Asana ruled my life. I just built my own thing to capture tasks, projects, but also knowlegde. Not sure if it will help we will see.

So tell me:

- Who else feels this way? - How do you manage? - Oh and how do you switch off? That is hard

Could be in you career, business or general life.

Something you recently picked up that would have had even greater impact if only you started a few years ago.

I had an experience yesterday launching on Show HN that really threw me. The product triggered people's "privacy sense" immediately.

My first reaction was defensive. I took it personally. I thought: Do you really think I’m a scammer? I pour my soul into meticulously crafting products to delight users, not to trick them. Why would I trash all that effort and disrespect my own goals by doing something as stupid as stealing data? It felt insulting that people assumed malice when I was just trying to build something useful.

But after sitting with it, I realized those initial comments—the ones I wanted to dismiss as paranoia—were actually right. Not about me, but about the environment we operate in.

There are enough shady companies, data brokers, and bad actors out there who abuse user trust with impunity. We’ve all seen big corporations bury invasive tracking in their terms of service. As a builder, I don't operate in that world; I’m just focused on making things work. But for users, that betrayal is their baseline reality. They have been trained to expect the worst.

I realized I hadn’t factored that into the launch. I didn’t explicitly state "Your data remains yours" because to me, it was obvious. Why would I want your data? But in an industry that has systematically mined, stolen, and abused user boundaries for a decade, you can’t blame people for checking for the exits. They aren't being "ninnies"; they are being wise.

If I were using a new tool that had access to my workflow, I would want explicit assurance that my IP wasn't being siphoned off. I just forgot to view my own product through the lens of a weary stranger rather than the optimisitc builder who wrote the code.

This is especially true now because the landscape has changed. There was an old PG essay about how ideas are cheap and execution is everything. That’s shifting. AI has made execution cheap. That means ideas are prime again.

Because execution is distributed and fast, first-mover advantage, brand, and reputation matter more than ever. Your prompts and your workflow are your IP.

So, privacy isn't just a compliance box; it's a competitive requirement. I don't think we need full-NSA-level paranoia for every tool, but we do need to recognize the environment we are launching into. The "security purists" were right to push back: I didn't think about that aspect enough, and in 2025, trust is the only currency that matters.

I asked this back in 2022:

https://news.ycombinator.com/item?id=32723101

What's the latest this year?

I'm not looking for SUNO generated AI Music, that type of AI slop is cheap and easy. I'm looking amazing voice + instrumentation cloning paired with human creative input.

What are some good resources viz. books/papers/articles/videos/etc. to study about the three domains listed above (from Basics to Advanced)?

1) Quantum Computation: What exactly are the abstract models of computation here? Are the Classical Computation models i.e. https://en.wikipedia.org/wiki/Model_of_computation applicable? What other new models have been invented?

2) Quantum Computers: What is the Physics, Organization and Architecture of these? In classical computers you have semiconductor physics, electronic elements and voltage thresholds mapping to logical 1's and 0's. This is then used to build layers of abstractions. What are their equivalents in a quantum computer? https://en.wikipedia.org/wiki/Quantum_computing has a lot of info. but not quite structured for understanding.

3) Quantum Programming: A lot is mentioned at https://en.wikipedia.org/wiki/Quantum_programming and Amazon lists a bunch of books on this topic but am not quite clear on how everything fits. Also as i understand, quantum computing/programming can be simulated on classical hardware but am not clear on the how.

PS: Some detailed examples as to how quantum computers/programming actually help you solve problems which cannot be solved on classical computers would be helpful to bring everything together. Shor's algorithm (https://en.wikipedia.org/wiki/Shor%27s_algorithm) is often mentioned but perhaps starting with a far simpler example would be more accessible.

PPS: In particular; I would love to hear from folks who actually study/research/work in this domain regarding what they actually do, its real-world applicabilities and how to go about learning the subject.